Ingram Micro touches 80% of the technology you use every day with our focus on Technology Solutions, Cloud, and Commerce and Lifecycle Solutions. With $50 billion in revenue, we have become the world's largest technology distributor with operations in 64 countries and more than 35,000 associates.
We are looking for a Principal Incident Response and Digital Forensics Investigator to join our Investigations and Security Incident Response Team. This hands-on technical role shares responsibilities across the team in conducting digital forensics, cyber threat intelligence, e-discovery, executing threat hunts, participating in and leading incident response efforts, and implementing threat protection across the enterprise. The candidate will be responsible for conducting investigations related to violations of the company's information security policy. Such investigations require that the investigator have advanced knowledge of investigative techniques (e.g. Reid, Wicklander), and previous law enforcement experience is preferred.
This position has the possibility of being performed remotely (applicant doesn't need to be onsite in Irvine, CA). You may be required to travel and work outside normal business hours at times to satisfy different time zones and offshore teams as well as during emergency security incidents.
Candidate will be responsible for building, maintaining, and improving tools and techniques that power and enable forensics and threat management capabilities. The person in this role reviews and analyzes large and highly complex datasets and information to provide content, conclusions, and actionable recommendations to mitigate risk and stop attackers.
Candidate should have an applied and in-depth understanding of malware, attacker tactics, techniques, and procedures and experience defending organizations from these threats. In addition to having a breadth of technical experience, the candidate should have leadership and customer communication experience.
Be an integral part of the Investigations and Security Incident Response Team (SIRT) in responding to active and time-sensitive threats including communications and coordination across different teams.
Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTPs (Tactics, Techniques, and Procedures).
Create, continuously develop, and maintain a mature investigations and incident response program, leveraging automation wherever possible.
Build and manage a digital forensic lab, including processes and procedures that would stand up in a legal setting.
Work closely with other members of the Information Security team to lead changes in the company's defense posture.
Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques.
Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
Develop comprehensive, accurate reports and presentations for both technical and executive audiences.
Research the latest security best practices and technologies, staying abreast of new threats and vulnerabilities and helping disseminate this information within the groups at the company.
What you bring to the role:
Bachelor's degree in Computer Science, Engineering, Science, Math or Cyber Security related field is required.
A year or more working in a "work from home" / remote capacity if working remote.
Work Experience: Minimum 10 years functional experience including a minimum of 5+ years directly related to this role in incident response and digital forensics.
3+ years of experience in law enforcement (deputized) investigations (fraud, counterintelligence, high-tech crimes, etc.).
3+ years of experience in interviewing after taking a Reid Technique class (or an equivalent).
Experienced with EnCase, FTK, X-Ways, Axiom, SIFT, Splunk, Elastic Stack, Redline, Volatility, Wireshark, tcpdump, and open source forensic tools.
Deep understanding of the internals and constructs of modern operating systems.
Proficiency with at least one interpreted programming language (Python, Ruby, etc.) preferred, but not required.
Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security preferred, but not required.
Strong understanding of vulnerabilities and common attack vectors, and an attacker mindset: the ability to think about creative threats and attack vectors.
Strong communication (i.e., written and verbal), presentation, and teamwork skills, and resourcefulness.
Experience with digital forensics in cloud services is a plus.
Required Certifications: EnCE
Preferred Certifications: GCFE, GCFA, GREM, GNFA
Pass a proficiency exam related to the role.
Please be prepared to provide three current work references and pass a criminal background check and drug test.
Position may require occasional travel of 20 - 30%, including international travel.
This is not a complete listing of the job duties. It's a representation of the things you will be doing, and you may not perform all these duties.
Ingram Micro believes there is no place in our society for social injustice, discrimination or racism. As a company we do not - and will not - tolerate these actions.
Ingram Micro Inc. is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or any other protected category under applicable law.